﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

using System.Data.SqlClient;
using System.Data;
using System.Configuration;

namespace TodoList3
{
    public class Item
    {
        // Row identifier of the todo item.
        public int Id { get; set; }

        // Title value. NOTE(review): a single char looks narrow for a title — confirm the intended type.
        public char Titles { get; set; }
    }

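    public partial class index : System.Web.UI.Page
    {
        /// <summary>Name of the connection string entry read from configuration.</summary>
        private const string ConnectionStringName = "dbConnection";

        /// <summary>Stored procedure used by <see cref="InsertDataBySP"/>.</summary>
        private const string InsertItemProcedure = "prInsertItem";

        /// <summary>Page lifecycle hook; nothing is done on load.</summary>
        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>Click handler for the add-item button; currently a no-op (wired from markup).</summary>
        protected void AddItem_Click(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// TextChanged handler for the title box; currently a no-op. The name (including its
        /// misspelling) is kept because it is referenced from the page markup.
        /// </summary>
        protected void Tiele_TextChanged(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Reads the title text box and stores a new item through the stored procedure.
        /// </summary>
        protected void Submit(object sender, EventArgs e)
        {
            string title = this.Title.Text;
            // this.InsertData(title);
            this.InsertDataBySP(title);
        }

        /// <summary>
        /// Inserts a row into [dbo].[Item] with an inline INSERT statement.
        /// The title is passed as a SQL parameter: the previous version concatenated it into the
        /// statement text, so an input that closed the quoted value could append further SQL
        /// (the original author's note warned that such input could delete the table's rows).
        /// </summary>
        /// <param name="title">Title to store; null is sent as DBNull.</param>
        private void InsertData(string title)
        {
            RunInsert("INSERT INTO [dbo].[Item]([title]) VALUES(@title)", CommandType.Text, title);
        }

        /// <summary>
        /// Inserts a row by calling the <c>prInsertItem</c> stored procedure with a @title parameter.
        /// </summary>
        /// <param name="title">Title to store; null is sent as DBNull.</param>
        private void InsertDataBySP(string title)
        {
            RunInsert(InsertItemProcedure, CommandType.StoredProcedure, title);
        }

        /// <summary>
        /// Resolves the connection string from configuration.
        /// </summary>
        /// <exception cref="InvalidOperationException">The entry is missing or empty.</exception>
        private static string GetConnectionString()
        {
            ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[ConnectionStringName];
            if (settings == null || string.IsNullOrEmpty(settings.ConnectionString))
            {
                // Fail loudly on misconfiguration instead of a NullReferenceException at the indexer.
                throw new InvalidOperationException(
                    "Connection string '" + ConnectionStringName + "' is not configured.");
            }
            return settings.ConnectionString;
        }

        /// <summary>
        /// Builds the @title VarChar parameter. A null title becomes DBNull so the parameter is
        /// never left unset (SqlClient rejects a parameter whose Value is null).
        /// </summary>
        private static SqlParameter CreateTitleParameter(string title)
        {
            SqlParameter parameterTitle = new SqlParameter("@title", SqlDbType.VarChar);
            parameterTitle.Value = (object)title ?? DBNull.Value;
            return parameterTitle;
        }

        /// <summary>
        /// Runs <paramref name="commandText"/> as a non-query with a single @title parameter.
        /// Connection and command are disposed via <c>using</c>. SQL failures are traced and
        /// swallowed, keeping the page best-effort as before but no longer silent; any other
        /// exception (e.g. missing configuration) propagates.
        /// </summary>
        /// <param name="commandText">SQL text or stored procedure name.</param>
        /// <param name="commandType">How <paramref name="commandText"/> is interpreted.</param>
        /// <param name="title">Value bound to @title.</param>
        private static void RunInsert(string commandText, CommandType commandType, string title)
        {
            string connection = GetConnectionString();

            using (SqlConnection sqlcon = new SqlConnection(connection))
            using (SqlCommand command = new SqlCommand(commandText, sqlcon))
            {
                command.CommandType = commandType;
                command.Parameters.Add(CreateTitleParameter(title));
                try
                {
                    sqlcon.Open();
                    command.ExecuteNonQuery();
                }
                catch (SqlException ex)
                {
                    // Qualified name: inside a Page subclass, bare "Trace" is the page's TraceContext.
                    System.Diagnostics.Trace.TraceError("Insert of item failed: {0}", ex);
                }
            }
        }
    }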
}